iptables NAT not working for me, cannot redirect

[charliek]

Hi all

I have nano, updated to the latest version, configured to use 192.168.2.* subnet so that I can connect from OSX. Most modules work just fine - I am online, tcpdump, urlsnarf, ... all work. However, anything that needs iptables redirection does not work - namely EvilPortal. Inspecting traffic using tcpdump (and wireshark) indicates nothing wrong - everything works and if I connect to the Pineapple nano access point, I can access the internet - all traffic is forwarded from br-lan through the USB connection and then through computer WiFi to the net.

I tried to configure iptables many different ways, specifying source IP address, source network interface ... yet iptables rule for prerouting never gets hit. I don't know how to debug further, any help would be highly appreciated - I've spent now over three weeks googling, testing, .... no success.

This is what I tried:

iptables -t nat -A PREROUTING -i br-lan -p tcp -j DNAT --dport 80 --to-destination 192.168.2.10:80

(mind you, 192.168.2.10:80 is the local nano web)

route is added, I also tested with -I (instead of -A), -s with netmask (instead of -i), nothing

running 'iptables -t nat -L PREROUTING -v' shows that target delegate_prerouting gets packets and traffic but the newly added rule, which is above delegate_prerouting, gets 0:

# iptables -t nat -L PREROUTING -v
Chain PREROUTING (policy ACCEPT 4 packets, 644 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  br-lan any     anywhere             anywhere             tcp dpt:www to:192.168.2.10:80
   46  9676 delegate_prerouting  all  --  any    any     anywhere             anywhere

Again, I tried specifying the source different ways, no luck. Wireshark shows that indeed there is traffic coming from the source address, with destionation port 80 - but there is no redirection.

What am I doing wrong, please? Any help would be really appreciated